SPAMMAIL to admin@

Markus Heinze max at freecards.de
Wed Dec 7 19:49:13 CET 2016


Hi there,

I'm missing the initial "connect from" in the log file. I suspect this 
machine is both mail and web server, so I think a website was hacked; 
localhost is trusted by Postfix by default anyway, so it simply spams 
away. Have PHP log the X headers, then you'll find the weak spot.

Regards, max

On 07.12.2016 at 13:31, Günther J. Niederwimmer wrote:
> Hello,
>
> I "thought" I was protected against problems like this with postscreen, DANE, DNSBL,
> amavis etc., but that does not seem to be the case :-(.
>
>
> On Wednesday, 7 December 2016, 13:17:49 CET, Paul wrote:
>> On 07.12.2016 at 12:34, Günther J. Niederwimmer wrote:
>>> Hello list,
>>>
>>> I have recently been having a problem with Postfix?
>>>
>>> The thing suddenly accepts mail for admin at example.com and wants to
>>> forward it?
>> Please send a complete excerpt from the log file for one such delivery
>> transaction.
> I'm attaching an excerpt, with the domain changed, I hope ;-)
>
>>> A real spam cannon, basically?
>>>
>>> The question is, I don't have a user "admin" on the mail system at all,
>>> but of course postfix is responsible for the domain example.com?
>> That can have many causes.
>> With a log excerpt of a specific delivery transaction, it can surely be
>> narrowed down.
>>
>>> User management comes from Dovecot (LDAP).
>>>
>>> The SPF record is set...
>>>
>>> somewhat at a loss at the moment............ :-(.
>>>
>>> postconf -n
>>> alias_database = hash:/etc/aliases
>>> alias_maps = hash:/etc/aliases
>>> bounce_template_file = /etc/postfix/bounce.de-DE.cf
>>> broken_sasl_auth_clients = yes
>>> command_directory = /usr/sbin
>>> config_directory = /etc/postfix
>>> daemon_directory = /usr/libexec/postfix
>>> data_directory = /var/lib/postfix
>>> debug_peer_level = 2
>>> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
>>> $daemon_directory/$process_name $process_id & sleep 5
>>> html_directory = no
>>> inet_interfaces = all
>>> inet_protocols = all
>>> mail_owner = postfix
>>> mailq_path = /usr/bin/mailq.postfix
>>> manpage_directory = /usr/share/man
>>> message_size_limit = 20480000
>>> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
>>> myhostname = smtp.esslmaier.at
>>> mynetworks = 127.0.0.0/8, 192.168.55.0/24, 217.xxxx.xxx.208/28,
>>> [2a02:xxxx:xxxx:xxxx::]/56
>>> newaliases_path = /usr/bin/newaliases.postfix
>>> non_smtpd_milters = $smtpd_milters
>>> postscreen_access_list = permit_mynetworks cidr:/etc/postfix/
>>> postscreen_access.cidr
>>> postscreen_bare_newline_action = drop
>>> postscreen_bare_newline_enable = yes
>>> postscreen_blacklist_action = drop
>>> postscreen_dnsbl_action = enforce
>>> postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
>>> postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net*3
>>> b.barracudacentral.org*2 bad.psky.me*2 psbl.surriel.com bl.blocklist.de
>>> bl.spamcop.net spam.spamrats.com bl.spameatingmonkey.net dnsbl.cobion.com
>>> ix.dnsbl.manitu.net hostkarma.junkemailfilter.com dnsbl.inps.de
>>> list.dnswl.org=127.0.[0..255].0*-1 list.dnswl.org=127.0.[0..255].1*-2
>>> list.dnswl.org=127.0.[0..255].[2..3]*-3 iadb.isipp.com=127.0.[0..255].
>>> [0..255]*-2 iadb.isipp.com=127.3.100.[6..200]*-2 wl.mailspike.net=127.0.0.
>>> [17;18]*-1 wl.mailspike.net=127.0.0.[19;20]*-2
>>> postscreen_dnsbl_threshold = 3
>>> postscreen_dnsbl_ttl = 1h
>>> postscreen_dnsbl_whitelist_threshold = -1
>>> postscreen_greet_action = enforce
>>> postscreen_non_smtp_command_enable = yes
>>> postscreen_pipelining_enable = yes
>>> postscreen_whitelist_interfaces = static:all
>>> queue_directory = /var/spool/postfix
>>> readme_directory = /usr/share/doc/postfix-2.11.8/README_FILES
>>> recipient_delimiter = +
>>> relay_domains = hash:/etc/postfix/relay_domains,
>>> sample_directory = /usr/share/doc/postfix-2.11.8/samples
>>> sendmail_path = /usr/sbin/sendmail.postfix
>>> setgid_group = postdrop
>>> smtp_sasl_auth_enable = yes
>>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>>> smtp_sasl_security_options = noanonymous
>>> smtp_sasl_type = cyrus
>>> smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
>>> smtp_tls_loglevel = 1
>>> smtp_tls_mandatory_ciphers = high
>>> smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5,
>>> PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
>>> smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
>>> smtp_tls_note_starttls_offer = yes
>>> smtp_tls_protocols = !SSLv2,!SSLv3
>>> smtp_tls_security_level = may
>>> smtp_use_tls = yes
>>> smtpd_helo_required = yes
>>> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
>>> smtpd_milters =
>>> inet:127.0.0.1:8891,inet:127.0.0.1:8893,inet:127.0.0.1:10024
>>> smtpd_recipient_restrictions = permit_sasl_authenticated,
>>> permit_auth_destination, permit_mynetworks, reject_unauth_destination,
>>> reject
>>> smtpd_sasl_auth_enable = yes
>>> smtpd_sasl_authenticated_header = no
>>> smtpd_sasl_path = private/auth
>>> smtpd_sasl_security_options = noanonymous,
>>> smtpd_sasl_tls_security_options = noanonymous,
>>> smtpd_sasl_type = dovecot
>>> smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
>>> smtpd_tls_CApath = /etc/pki/certs
>>> smtpd_tls_ask_ccert = yes
>>> smtpd_tls_auth_only = no
>>> smtpd_tls_cert_file = /etc/pki/tls/postfix/certs/post_cert.pem
>>> smtpd_tls_dh1024_param_file = /etc/pki/tls/postfix/private/dh_2048.pem
>>> smtpd_tls_dh512_param_file = /etc/pki/tls/postfix/private/dh_512.pem
>>> smtpd_tls_eecdh_grade = ultra
>>> smtpd_tls_key_file = /etc/pki/tls/postfix/private/post_key.pem
>>> smtpd_tls_loglevel = 1
>>> smtpd_tls_mandatory_ciphers = high
>>> smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5,
>>> PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
>>> smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
>>> smtpd_tls_protocols = !SSLv2,!SSLv3
>>> smtpd_tls_received_header = yes
>>> smtpd_tls_security_level = may
>>> smtpd_use_tls = yes
>>> tls_preempt_cipherlist = yes
>>> tls_random_bytes = 128
>>> transport_maps = hash:/etc/postfix/transport, $relay_domains,
>>> unknown_local_recipient_reject_code = 550
>>> unverified_recipient_reject_code = 577
>>> virtual_alias_maps = hash:/etc/postfix/virtual
>>> virtual_transport = lmtps:inet:mailstore:24
>>>
>>> Grateful for any help and hoping for a reply,
>
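Max's diagnosis above rests on two observations: a message that was injected locally through sendmail(1) (which is what PHP's mail() does) shows up in the Postfix log under postfix/pickup with a uid and no preceding "connect from", and with mail.add_x_header=On PHP stamps each such message with an X-PHP-Originating-Script header naming the script. The following Python script, an added example that is not part of the thread, shows how a defender can check both: it classifies queue ids from constructed sample log lines as locally picked up or SMTP-submitted, flags those injected by a web-server uid, and extracts the originating script from a constructed sample message. The uid 48 used for the web server is an assumption (apache/httpd on many RPM-based systems); check /etc/passwd on the host in question.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample of Postfix log lines (not taken from the thread). Two
# messages are injected locally through the sendmail/pickup path, so there is
# no "connect from" for them; one arrives over SMTP from a remote client.
SAMPLE_LOG = """\
Dec  7 13:20:01 smtp postfix/pickup[2101]: 4F1A2B3C4D: uid=48 from=<admin@example.com>
Dec  7 13:20:01 smtp postfix/cleanup[2102]: 4F1A2B3C4D: message-id=<20161207132001.4F1A2B3C4D@smtp.example.com>
Dec  7 13:20:01 smtp postfix/qmgr[2001]: 4F1A2B3C4D: from=<admin@example.com>, size=1321, nrcpt=1 (queue active)
Dec  7 13:20:02 smtp postfix/pickup[2101]: 9E8D7C6B5A: uid=48 from=<admin@example.com>
Dec  7 13:20:02 smtp postfix/qmgr[2001]: 9E8D7C6B5A: from=<admin@example.com>, size=1298, nrcpt=1 (queue active)
Dec  7 13:21:10 smtp postfix/smtpd[2201]: connect from mail.example.net[203.0.113.5]
Dec  7 13:21:10 smtp postfix/smtpd[2201]: 1A2B3C4D5E: client=mail.example.net[203.0.113.5]
Dec  7 13:21:10 smtp postfix/qmgr[2001]: 1A2B3C4D5E: from=<bob@example.net>, size=2048, nrcpt=1 (queue active)
Dec  7 13:21:11 smtp postfix/smtpd[2201]: disconnect from mail.example.net[203.0.113.5]
"""

PICKUP_RE = re.compile(r"postfix/pickup\[\d+\]: (?P<qid>[0-9A-F]+): uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>")
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<client>\S+)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")


def classify_submissions(log_text):
    """Map every queue id in the log to its origin and envelope sender.
    origin is "pickup uid=N" for locally injected mail (sendmail(1), PHP mail())
    and "smtpd client=..." for mail that arrived over SMTP."""
    result = {}
    for line in log_text.splitlines():
        m = PICKUP_RE.search(line)
        if m:
            result[m["qid"]] = {"origin": f"pickup uid={m['uid']}", "sender": m["sender"]}
            continue
        m = CLIENT_RE.search(line)
        if m:
            result.setdefault(m["qid"], {"sender": None})["origin"] = f"smtpd client={m['client']}"
            continue
        m = QMGR_RE.search(line)
        if m and m["qid"] in result:
            # qmgr repeats the envelope sender for every message; use it to fill
            # in the sender of SMTP submissions, which smtpd's client= line lacks.
            result[m["qid"]]["sender"] = m["sender"]
    return result


def local_injection_report(log_text, web_uids=frozenset({"48"})):
    """Count messages per origin and list queue ids injected by a web-server uid.
    web_uids is an assumption for this example (48 = apache/httpd on many RPM
    systems); look the real uid up in /etc/passwd before relying on it."""
    subs = classify_submissions(log_text)
    per_origin = Counter(s["origin"] for s in subs.values())
    flagged = sorted(
        qid for qid, s in subs.items()
        if s["origin"].startswith("pickup uid=") and s["origin"].split("=")[1] in web_uids
    )
    return per_origin, flagged


# Constructed sample message as PHP writes it with mail.add_x_header=On:
# the header value is "<uid>:<script name>".
SAMPLE_MESSAGE = """\
Received: by smtp.example.com (Postfix, from userid 48)
\tid 4F1A2B3C4D; Wed,  7 Dec 2016 13:20:01 +0100 (CET)
X-PHP-Originating-Script: 48:contact-form.php
From: admin@example.com
To: victim@example.org
Subject: constructed sample

body
"""


def originating_script(raw_message):
    """Return {"uid": ..., "script": ...} from PHP's X-PHP-Originating-Script
    header, or None when the message carries no such header."""
    msg = message_from_string(raw_message)
    hdr = msg.get("X-PHP-Originating-Script")
    if not hdr:
        return None
    uid, _, script = hdr.strip().partition(":")
    return {"uid": uid, "script": script}


if __name__ == "__main__":
    origins, flagged = local_injection_report(SAMPLE_LOG)
    for origin, count in origins.items():
        print(f"{count:4d}  {origin}")
    print("locally injected by web-server uid:", flagged)
    print("originating script:", originating_script(SAMPLE_MESSAGE))
```

On a real host, feed /var/log/maillog into local_injection_report and compare the per-origin counts with what the server normally sends; a burst of pickup submissions from the web-server uid with a sender like admin@ is the pattern described in the thread, and the X-PHP-Originating-Script header of a queued message (postcat -q QUEUEID) points at the script to clean up.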




More information about the Postfixbuch-users mailing list